WebApp Sec mailing list archives
Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
From: Chris Shiflett <shiflett () php net>
Date: Mon, 16 Aug 2004 13:44:05 -0700 (PDT)
--- Saqib.N.Ali () seagate com wrote:
Upon your suggestion, I used a sniffer to sniff traffic for the web app that I am working on. To my surprise, the data captured during the sniff for both browsers was exactly the same.
Can you elaborate or post the exact requests sent from each browser? I'm assuming the User-Agent header was different, at the very least, so I question what "exactly" means in this case. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/
Current thread:
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- <Possible follow-ups>
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Jay Blanchard (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Octavian Rasnita (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Octavian Rasnita (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Vail, Warren (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Ed Lazor (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Michael Silk (Aug 18)